|
306891
|
8.1 |
HIGH
Network
|
-
|
-
|
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_passwo…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-9305
|
2024-10-16 11:15 |
2024-10-16 |
|
306892
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimat…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-9105
|
2024-10-16 11:15 |
2024-10-16 |
|
306893
|
5.6 |
MEDIUM
Network
|
-
|
-
|
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated v…
|
CWE-703
Improper Check or Handling of Exceptional Conditions
|
CVE-2024-9104
|
2024-10-16 11:15 |
2024-10-16 |
|
306894
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in al…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8787
|
2024-10-16 11:15 |
2024-10-16 |
|
306895
|
7.3 |
HIGH
Local
|
microsoft
|
windows_server_2016 windows_server_2019 windows_server_2022 windows_11_22h2 windows_11_21h2 windows_10_22h2 windows_10_21h2 windows_10_1809 windows_10_1607 windows_11_23h2<…
|
Summary
Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated v…
|
NVD-CWE-Other
|
CVE-2024-38202
|
2024-10-16 11:15 |
2024-08-8 |
|
306896
|
- |
|
apple
|
safari
|
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
|
CWE-399
Resource Management Errors
|
CVE-2010-0048
|
2024-10-16 06:35 |
2010-03-15 |
|
306897
|
- |
|
apple
|
safari
|
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML obj…
|
CWE-399
Resource Management Errors
|
CVE-2010-0047
|
2024-10-16 06:35 |
2010-03-15 |
|
306898
|
7.8 |
HIGH
Local
|
adobe
|
incopy
|
InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-41858
|
2024-10-16 05:51 |
2024-08-14 |
|
306899
|
6.1 |
MEDIUM
Network
|
lemonldap-ng
|
lemonldap\
|
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set…
|
CWE-79
Cross-site Scripting
|
CVE-2024-48933
|
2024-10-16 03:56 |
2024-10-10 |
|
306900
|
9.8 |
CRITICAL
Network
|
internet-formation
|
wp-advanced-search
|
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
|
CWE-89
SQL Injection
|
CVE-2024-9796
|
2024-10-16 03:46 |
2024-10-10 |